Lucene search

Alpine Linux Development TeamALPINE:CVE-2024-28869

HistoryApr 12, 2024 - 10:15 p.m.

CVE-2024-28869

2024-04-1222:15:07

Alpine Linux Development Team

security.alpinelinux.org

traefik

http

reverse proxy

denial of service

cve-2024-28869

load balancer

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

JSON

Traefik is an HTTP reverse proxy and load balancer. In affected versions sending a GET request to any Traefik endpoint with the “Content-length” request header results in an indefinite hang with the default configuration. This vulnerability can be exploited by attackers to induce a denial of service. This vulnerability has been addressed in version 2.11.2 and 3.0.0-rc5. Users are advised to upgrade. For affected versions, this vulnerability can be mitigated by configuring the readTimeout option.

OSVersionArchitecturePackageVersionFilename
Alpine3.20-communitynoarchtraefik= 3.0.0-r2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Alpine	3.20-community	noarch	traefik	= 3.0.0-r2	UNKNOWN

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

JSON

Related for ALPINE:CVE-2024-28869